  • Status: Solved

SBS 2011 - Exchange 2010 - Delayed incoming email

Hey Guys

I've got a strange thing happening with some incoming emails from certain domains.
A user will send an email out at say 9.08am.
The email is received by the recipient within a minute or so.
The recipient emails back their reply 20min later say 9.27am.
But the user doesn't receive the reply until 5.04pm that day.
This is happening in OWA as well as Outlook.

I have checked the connection logs for that time and I can't see any errors.

One thing I noticed in the receive logs is quite a few errors about "4.3.2 Service not available". Though those errors don't really occur at the same time as I'd expect the reply to come in.

Here is a screenshot of the log for one of the days that the issue occurred (however I think that looks like an issue with their printer):
[Screenshot: receive connector log]
Are there any other logs you would suggest looking at?
Do you think it's more likely the recipient's Exchange server?

Kind Regards
Aaron
0
 
donnk Commented:
Show the full email header for the one where you say the email hits your server at 9:27 but the server doesn't deliver it until 5:04.
0
 
moncomp (Author) Commented:
Here is the email header info:

Received: from webhosting.x.x.x (x.x.x.x) by myexchangeserver.com
 (192.168.45.10) with Microsoft SMTP Server (TLS) id 14.1.438.0; Mon, 9 Dec
 2013 17:04:06 +0800
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=sendingserver.com;
      h=Received:From:To:References:In-Reply-To:Subject:Date:Message-ID:MIME-Version:Content-Type:X-Mailer:Thread-Index:Content-Language:X-Source:X-Source-Args:X-Source-Dir;
      b=DHkmUqJqbh+bvV3zJkrw+uxqBYIeK3o9QaKRk1DbjDw9GpO75eWJvjUyNFJioQtsCGGfQqYJswecU4AVmx3SCzl2IXg+CHQ2SXyTyP/ciJ7Eeb53/HQQh/6t2qZ7Eqeo;
Received: from [x.x.x.x] (helo=userPC)      by webhosting.x.x.x with esmtpa
 (Exim 4.69)      (envelope-from <sender@sendersdomain.com>)      id
 1VpqYQ-0004Pd-Qn      for user@myexchangeserver.com; Mon, 09 Dec 2013 09:26:38
 +0700
From: Sender <sender@sendersdomaincom>
To: 'User' <user@myexchangeservercom>
References: <46B795CAF3E4BA49BF741C6B56B43391DFD01F@SERVER.local>
In-Reply-To: <46B795CAF3E4BA49BF741C6B56B43391DFD01F@SERVER.local>
Subject: RE: SENDERS SUBJECT
Date: Mon, 9 Dec 2013 09:26:38 +0700
Message-ID: <000901cef486$16f47e80$44dd7b80$@sendersdomain.com>
MIME-Version: 1.0
Content-Type: multipart/related;
      boundary="----=_NextPart_000_000A_01CEF4C0.C355C780"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQFi1XZufTGydSp2DdoKCVd2eZByYZsjYMZg
Content-Language: en-us
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - webhosting.x.x.x
X-AntiAbuse: Original Domain - myexchangeserver.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - sendersdomain.com
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: sender@sendersdomain.com
X-MS-Exchange-Organization-AuthSource: SERVER.local
X-MS-Exchange-Organization-AuthAs: Anonymous
X-EsetId: 56DCDF3D23A3BB2505918E
0
 
donnk Commented:
OK, so this hits your mail server at Mon, 09 Dec 2013 09:26:38; now show the tracking log from the Exchange toolbox for this email.

Also I see the header is being interfered with:

X-AntiAbuse      This header was added to track abuse, please include it with any abuse report

What is doing this? Is your Exchange box the MX record server or are you pulling email from another server?
0
 
moncomp (Author) Commented:
Is this what you are after?
[Screenshot: tracking log]
0
 
donnk Commented:
X-AntiAbuse: this looks to be the issue. Where is it being applied?
0
 
moncomp (Author) Commented:
Good question. That I'm not sure of. How do I track that down? Is that definitely going to be my end, not the recipient's end?

Anti-Spam is disabled on the SBS 2011 Exchange server.
Could that be applied by the firewall?
0
 
moncomp (Author) Commented:
The server is set as the MX server; it's not using the POP3 connector, if that's what you meant.
0
 
donnk Commented:
Normally cPanel boxes add it. Are these delayed mails always from the same people?
0
 
moncomp (Author) Commented:
I think the user has only complained about two domains.

I went back over the email history for the sender linked to the above logs.
There only seems to be X-AntiAbuse information attached to email when the email is being replied to by the sender.

Here is the host that's doing it, by the looks of the logs: X-AntiAbuse: Primary Hostname - webhosting.u.net.id

I think that's the sender's domain. Maybe their email is housed in cPanel?
0
 
Andrew Davis (Manager) Commented:
Okay, the delay is from webhosting.x.x.x to you. I am going to assume that webhosting.x.x.x is the ISP or smart host being used by the sender, and it is getting bogged down with sending the mail.

To read headers, a great tool is http://mxtoolbox.com/EmailHeaders.aspx

Simply paste the headers and it will give you a report that makes more sense.

Cheers
Andrew
0
 
moncomp (Author) Commented:
I'll send a query about this to the IT admin department that manages the host and see what they think.

Many thanks for your help Andrew :)
0
 
moncomp (Author) Commented:
Hey, one thing I notice when I run the read header tool is the total delay is really long.
Total Delay:       23848 seconds
The delay is only showing on my exchange server side.

Do you think I should be concerned about that at all?
0
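The 23848-second total quoted above can be reproduced from the two Received lines in the posted header. The following is an added example, not part of the original thread: it parses each Received timestamp with its UTC offset and reports the gap per hop, so the slow segment is identified by arithmetic rather than by reading local clock times. The function names and the 300-second threshold are assumptions.

```python
from email import message_from_string
from email.utils import parsedate_to_datetime

# Trimmed copy of the headers posted in this thread (hosts as redacted there).
RAW_HEADERS = """\
Received: from webhosting.x.x.x (x.x.x.x) by myexchangeserver.com
 (192.168.45.10) with Microsoft SMTP Server (TLS) id 14.1.438.0; Mon, 9 Dec
 2013 17:04:06 +0800
Received: from [x.x.x.x] (helo=userPC) by webhosting.x.x.x with esmtpa
 (Exim 4.69) (envelope-from <sender@sendersdomain.com>) id
 1VpqYQ-0004Pd-Qn for user@myexchangeserver.com; Mon, 09 Dec 2013 09:26:38
 +0700
Date: Mon, 9 Dec 2013 09:26:38 +0700
Subject: RE: SENDERS SUBJECT

"""

def received_stamps(raw):
    """Return (receiving host, timestamp) per Received header, oldest hop first."""
    msg = message_from_string(raw)
    stamps = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())        # undo header folding
        info, _, date_part = unfolded.rpartition(";")
        words = info.split()
        by_host = words[words.index("by") + 1] if "by" in words else "?"
        # parsedate_to_datetime keeps the UTC offset, so +0700 and +0800 compare correctly
        stamps.append((by_host, parsedate_to_datetime(date_part.strip())))
    return stamps[::-1]   # each server prepends its header, so reverse for transit order

def hop_delays(raw):
    """Seconds between consecutive hops: [(from_host, to_host, seconds), ...]."""
    stamps = received_stamps(raw)
    return [(a[0], b[0], int((b[1] - a[1]).total_seconds()))
            for a, b in zip(stamps, stamps[1:])]

def slow_hops(raw, threshold_s=300):
    """Hops slower than threshold_s (assumed cut-off of 5 minutes)."""
    return [h for h in hop_delays(raw) if h[2] > threshold_s]

if __name__ == "__main__":
    for src, dst, secs in hop_delays(RAW_HEADERS):
        print(f"{src} -> {dst}: {secs} s")
```

The timestamp on the final hop is when the receiving server accepted the message, so the gap covers the time the message spent before that acceptance: in the previous server's queue or on the network path in between.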
 
moncomp (Author) Commented:
Hey donnk

Found the issue with Fortigate support.
We updated the firmware to the latest version as their version was quite old.
But then we found someone had configured bandwidth management on all SMTP traffic. We removed it and the issue has not returned! :)
0
 
moncomp (Author) Commented:
Found a firewall configuration issue that resolved the problem.
0
